Virtual Autograph

What's Going On

When I started working at Google, I had the sudden realisation that I am working at the same company as people like Ken Thompson, Vint Cerf and Bram Moolenaar.
These are people whom I'd ask for an autograph, if I ever get to meet them. So I thought: why not! And what's even better than an autograph on a piece of paper, is a cryptographic signature on an actual executable file. Imagine how cool it'd be to say "Hey Bram, can you please sign my vim?", or "Ken Thompson, oh my God! Mind writing 'To my dearest friend, Dan' on my gcc?"
That's what Virtual Autograph is about: you upload a file, write a dedication, and we email it to your hero to sign. Once they do, you get an email with your very own copy of, say, tcpdump, signed by Vint Cerf himself - so now you can, uh, sniff packets, just like before, but be dorkily happy about it.

How It Works

You, your hero, the date and the dedication are appended to the file (ELFs, PEs and Mach-Os don't care for some extra data at their end), and your hero's private key is used to sign everything.
To see an autograph, upload a file, and we'll validate its signature and extract its dedication. If you want to do it yourself, run grep -aA5 AUTOGRAPH <file> to get the autograph, and use RSA4096 to validate the last 512 bytes on the SHA256 of the rest of the file, using your hero's public key at /public-key/<email>.